Sign up for our weekly security newsletter

Bulletproof Hosts Spam Widely in China

Bulletproof hosting services are being rampantly employed in China for purposes of spamming as well as other cyber attacks, say security researchers at University of Alabama at Birmingham.

A research team from the University of Alabama at Birmingham (UAB), has released a report according to which, bulletproof hosting in China has evolved into a raging problem. Many groups and individuals have abused it to get domain names registered to carry out spamming and other cyber offences.

Bulletproof hosting, which is also called 'bulk friendly hosting', represents a facility from domain hosts that allows substantial leniency to consumers with regard to the type of content they might want to post on the Internet.

Reportedly, this service is comparatively less costly in China, as anyone paying $700 could acquire the utility of an associated server within the country and subsequently use it for sending out any number of spam messages. Still more inexpensive is registering a bulletproof domain that costs $100.

Meanwhile, in a 3-month time span in 2009, the University of Alabama researchers found that over 22,300 domains involved in the distribution of pharmaceutical spam. All these domains used the hosting service of 6 bulletproof servers located in China.

Gary Warner, Director of Research in Computer Forensics, the University of Alabama at Birmingham, states that while only a small number of bulletproof servers can be found across the globe, most of them function in China, as reported by The Whir on May 11, 2009.

Besides, the security researchers stated that nations with a relatively liberal stand on spam like Russia utilize bulletproof hosting because these services are considerably reliable.

In addition, the researchers disclosed that Trojan Waledac that proliferates through smart social engineering tactics relies on bulletproof domains in order to remain alive.

Interestingly, rather than hiding the fact that their hosting services enable spamming, many of the bulletproof hosts openly promote themselves as being friendly to spam. One bulletproof host, Tecom, encourages prospective customers to buy its services by saying that consumers need not worry about service termination in the wake of spam complaints.

Although China has embarked on strengthening its legislation regarding cyber crimes with some seemingly online identity thieves arrested recently, the country needs to do more and bring an end to spamming that occurs through bulletproof hosting, said security researchers.